Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Students Sue Google over Gmail Account Scanning

A group of former and current students have sued Google in federal court in San Jose, California, alleging that the company scanned their Gmail accounts and gathered data for advertising purposes.

A group of former and current students have sued Google in federal court in San Jose, California, alleging that the company scanned their Gmail accounts and gathered data for advertising purposes.

Four University of California, Berkeley students claim that the Internet giant scanned their emails despite the fact that they had school-issued accounts, which the company pledged not to track. The plaintiffs say that Google not only scanned their accounts, but also processed and retained their data for advertising and tracking purposes.

On April 30, 2014, Google announced  that it stopped scanning Google Apps for Education (GAFE)-powered account emails for advertising purposes, an activity that it had been engaged in between November 2010 and March 2014.

In December 2015, the Electronic Frontier Foundation (EFF) filed a complaint with the United States Federal Trade Commission (FTC) claiming that Google was spying on students despite committing to not do so. The EFF explained that Google associates students’ educational account in GAFE services with the activity on other services, and that it serves ads in non-GAFE services based on that association.

The practice was said to be in violation of the Student Privacy Pledge , which Google signed previously, and which states that the company was not going to “collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes.” In its complaint, EFF noted that Google was abusing the Sync feature in Chrome on Chromebooks sold to schools for carrying out the collection and tracking of students’ data and activity across services and devices.

Google responded to the EFF complaint and said that the student data in GAFE Core Services is not used for advertising purposes and that Chrome Sync is meant to provide students with instant access to their work across devices. The company also noted that the feature can be easily disabled, but admitted that some Chrome Sync data is used to improve services, but only after “completely removing information about individual users.”

The new complaint (PDF) filed on behalf of four GAFE users claims that Google intercepted and scanned emails in GAE-powered .edu email accounts before the April 2014 announcement, and that the company did so to profile users. Given that some schools informed students that their emails were private, the plaintiffs believe they have strong claims against Google.

Moreover, the complaint states that Google both refused to “release additional details that would confirm its indirect admission that it has stopped collecting or using student data (or information derived from analysis of student data) for advertising purposes,” and refused to delete the data collected prior April 2014 or to promise it won’t use the data for advertising purposes.

Advertisement. Scroll to continue reading.

The lawsuit, known as Corley et al v. Google, suggests that tens of millions of users might have been affected by Google’s actions. On a dedicated website, attorney Ray E. Gallo says that clients from nearly a dozen universities may be accepted on a contingency basis, including students from UC Berkeley, UC Santa Cruz, San Diego State, University of Maine, Bates College, Pacific Lutheran University, Harvard, Yale, University of Arizona, University of Washington, and SUNY Stony Brook.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.